Skip to main content

Crate zerodds_bridge_security

Crate zerodds_bridge_security 

Source
Expand description

Crate zerodds-bridge-security. Safety classification: STANDARD.

Shared security layer for ZeroDDS bridge daemons (ws / mqtt / coap / amqp / grpc / corba).

Spec: ZeroDDS Bridge Spec 1.0 §7.1 (TLS), §7.2 (auth modes), §7.3 (topic ACL).

§Layer position

Layer 5 (Bridges) — substrate crate for all six bridge daemons.

§Public API (as of 1.0.0-rc.1)

§Example

use zerodds_bridge_security::{Acl, AclOp, AuthSubject};

let subj = AuthSubject::new("alice").with_group("publishers");
let acl = Acl::allow_all();
let _allowed = acl.check(&subj, AclOp::Write, "/topics/trade");

Re-exports§

pub use acl::Acl;
pub use acl::AclEntry;
pub use acl::AclOp;
pub use auth::AuthError;
pub use auth::AuthMode;
pub use auth::AuthSubject;
pub use connection::RotatingTlsConfig;
pub use connection::build_client_tls_connector;
pub use connection::parse_server_name;
pub use connection::serve_tls_handshake;
pub use ctx::SecurityConfig;
pub use ctx::SecurityCtx;
pub use ctx::SecurityError;
pub use ctx::authenticate;
pub use ctx::authorize;
pub use ctx::build_ctx;
pub use ctx::extract_mtls_subject;
pub use tls::TlsConfigError;
pub use tls::load_server_config;
pub use rustls;
pub use rustls_pemfile;
pub use rustls_pki_types;

Modules§

acl
§7.3 topic ACL — read/write permissions per topic with wildcard and group matching.
auth
§7.2 auth modes — none|bearer|jwt|mtls|sasl.
connection
Connection wire-up helpers for the six bridge daemons.
ctx
Daemon-facing convenience: SecurityConfig (CLI/YAML surface) → SecurityCtx (resolved). Used identically by all six bridge daemons — the only difference is the connection path into which the ctx is hooked.
tls
§7.1 TLS — rustls 0.23 ServerConfig builder.